RubyGems slings patch at nasty redirect trojan holes

Get patching: new vulns in the RubyGems developer distribution platform could expose millions of users to malicious redirects.

The hole (CVE-2015-3900) since patched means clients could be pushed to Gem severs hosting malicious content even if HTTPS is employed.

Attackers further benefited since RubyGems Gems Server Discovery did not validate if DNS replies are from the same security domain as gem sources. Gems are used in Ruby libraries for software development and distribution and are pushed out to servers for user installation.

Tags:

Security

Story added 24. June 2015, content source with full text you can find at link above.

Comments are closed.

More antivirus and malware news?

Twilio, HashiCorp Among Codecov Supply Chain Hack Victims
Nike FuelBand — out of gas already?
CrowdStrike and Delta Fight Over Who’s to Blame for the Airline Canceling Thousands of Flights
Unnoticed Firefox attacker had access to severe vulnerabilities for over a year
Adobe Patches 17 Vulnerabilities in Reader, Acrobat
Stopping Threats Starts with Getting Back to the Basics
10 questions for Ping Identity CTO Patrick Harding
SSCC 126 – Zero-day, Bitcoins, passwords and randomness [PODCAST]
Technical Details Released for Recently Patched Zyxel Firewall Vulnerabilities
Take part in the 2021 IT Salary Survey

RubyGems slings patch at nasty redirect trojan holes

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts